Privacy Policy

Last updated: 17 February 2026

1. Who We Are

Moula is operated by SAROMAN SERVICES, a société à responsabilité limitée registered under number 939 635 439, with its registered office at 9 rue des Colonnes, 75002 Paris, France.

SAROMAN SERVICES SARL acts as the data controller within the meaning of the General Data Protection Regulation (EU) 2016/679 ("GDPR") for personal data processed through the Moula service.

For any questions regarding this Policy or your personal data, you may contact us via the contact form available on our website.

2. Scope of This Policy

This Privacy Policy explains how we collect, use, store, and protect personal data when you access or use Moula, including when you create an account, subscribe to a paid plan, or interact with our website.

It applies to users located in the European Union and internationally. Where local laws grant additional rights, those rights remain applicable.

3. Personal Data We Process

When you use Moula, we may process the following categories of personal data:

  • Identification data such as your email address and login credentials when you create an account.
  • Account-related information necessary to provide the Service.
  • Portfolio and transaction data that you voluntarily enter or import into the platform.
  • Technical information such as IP address, device type, browser type, and operating system.
  • Usage information relating to how you interact with the Service, including pages visited and features used.
  • Billing information processed through our payment service providers.
  • Communications exchanged with our support team.

We do not intentionally collect special categories of personal data (such as health data or biometric data). We do not knowingly collect personal data from individuals under 18 years of age.

4. Purposes and Legal Bases for Processing

We process personal data for the following purposes:

  • To provide and operate the Service, including account creation, authentication, portfolio tracking, and subscription management. This processing is based on the performance of a contract.
  • To ensure platform security, prevent fraud, and protect our infrastructure. This processing is based on our legitimate interest in securing our systems and users.
  • To improve and develop the Service, including analyzing aggregated usage patterns. Where required by law (notably in the EU), analytics tools are used only on the basis of your consent.
  • To comply with our legal and accounting obligations, including retention of billing records under French law. This processing is based on compliance with legal obligations.
  • To respond to support requests and user inquiries. This processing is based on the performance of a contract or our legitimate interest in providing customer support.

Where consent is required, you may withdraw it at any time without affecting the lawfulness of processing carried out prior to withdrawal.

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described above.

  • Account data is retained for the duration of your account and may be deleted upon request. Inactive accounts may be deleted after a prolonged period of inactivity (up to 3 years).
  • Billing and accounting records are retained for the period required under applicable French accounting law (generally up to ten years).
  • Analytics data is retained for a limited duration (up to 24 months) and may be anonymized or aggregated.
  • Support communications are retained for a limited period (up to 3 years) necessary to manage user relations and resolve disputes.
  • Security logs are retained for up to 12 months.

When retention is no longer necessary, personal data is deleted or irreversibly anonymized.

6. Recipients of Personal Data

We may share personal data with trusted service providers who assist us in operating Moula, including:

  • Hosting and infrastructure providers
  • Payment processors
  • Analytics and error monitoring providers (e.g., PostHog, Sentry)
  • Customer support tools (e.g., Crisp)

These providers process personal data on our behalf and are contractually bound to appropriate confidentiality and data protection obligations.

We do not sell personal data.

Personal data may also be disclosed if required by law or by a valid request from public authorities.

7. International Data Transfers

Some of our service providers may be located outside the European Union, including in the United States.

Where personal data is transferred outside the EU, we ensure that appropriate safeguards are implemented in accordance with GDPR, such as:

  • Transfers to entities certified under the EU–U.S. Data Privacy Framework where applicable; or
  • Standard Contractual Clauses approved by the European Commission.

These safeguards are intended to ensure that personal data benefits from a level of protection essentially equivalent to that guaranteed within the European Union.

8. Security of Personal Data

We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction.

These measures include secure hosting environments, encrypted data transmission (HTTPS), access control mechanisms, and internal policies governing data access.

Despite these safeguards, no system can guarantee absolute security. Users are responsible for maintaining the confidentiality of their login credentials.

9. Your Rights

Subject to applicable law, you have the right to:

  • Access your personal data
  • Request rectification of inaccurate data
  • Request deletion of your data
  • Request restriction of processing
  • Object to certain processing activities
  • Request data portability where applicable
  • Withdraw consent where processing is based on consent

California residents: Under the California Consumer Privacy Act (CCPA), you may request disclosure of categories of data collected and may request deletion. You may opt out of the "sale" or "sharing" of your personal information via our Cookies page.

You also have the right to lodge a complaint with the French supervisory authority (CNIL) or with the data protection authority of your country of residence within the EU.

California residents may also contact the California Attorney General's office.

Requests may be submitted via our contact form. We may request additional information to verify your identity before responding.

10. Cookies and Similar Technologies

Moula uses cookies and similar technologies to operate the Service, ensure security, analyze usage, and, where applicable, support marketing activities.

  • Essential cookies necessary for authentication and security are always active.
  • Analytics cookies (e.g., PostHog, in-depth Sentry) are activated only with your consent where required by applicable law, notably within the EU, EEA, United Kingdom, and Switzerland.
  • Support cookies (e.g., Crisp chat) for in-app support are activated only with your consent where required.
  • Marketing cookies (e.g., Google, Meta, Reddit pixels) are activated only with your consent where required.

You may manage your cookie preferences at any time via the Cookies link available in the footer of our website.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or the Service.

Where changes materially affect your rights, we will provide appropriate notice.

The date of the latest revision appears at the top of this Policy.

12. Contact

For any questions regarding this Privacy Policy or the processing of your personal data, you may contact:

SAROMAN SERVICES SARL
9 rue des Colonnes
75002 Paris
France

Contact via the contact form on our website or the in-app chat while logged in to your account.